Endpoint-to-cloud security company Lookout has discovered major crypto mining scams using hundreds of Android apps. Categorised into two distinct Android app families, BitScam and CloudScam, the apps are designed to target people interested in cryptocurrencies.
In total, security researchers at the Lookout Threat Lab identified more than 170 apps that are estimated to have scammed more than 93,000 victims. The majority of these apps are side-loaded (not via Google Play), although 25 were available for download on the Google Play app store. Lookout has been in close contact with Google and the apps on Play have been removed.
The BitScam and CloudScam apps advertise themselves as providing cloud cryptocurrency mining services for a fee. After analysing the apps, Lookout researchers found that no cloud crypto mining actually takes place. The scammers pocket the money spent on apps and upgrades without ever delivering the promised services. Lookout estimated that the apps stole more than $350,000 from their victims.
BitScam and CloudScam apps both trick people into thinking they are paying for cloud crypto mining services. In addition to the apps themselves costing money, they promote additional services and upgrades that users can purchase within the apps, either by transferring cryptocurrencies to the developers’ wallets or through Google Play. These apps also display fake minimum account balances to entice users to spend more money on the services and upgrades.
While the BitScam and CloudScam crypto mining apps have now been removed from Google Play, there are dozens more available for download on third-party app stores.
Ioannis Gasparis, mobile application security researcher, Lookout